Equifax sends breach victims to fake support site

Can you tell the difference between equifaxsecurity2017.com and securityequifax2017.com? One is a lookalike support page set up to teach Equifax a lesson.

A tweet from Wednesday sending breach victims to the mock support site. (Twitter/Screenshot by Alfred Ng)

Now Equifax knows what it’s like to have its identity stolen.

The credit monitoring company has been tweeting victims of its massive breach a link that actually leads to a fake support page set up to look exactly like its own.

The real Equifax support URL is equifaxsecurity2017.com. But since Sept. 9, two days after the breach was announced, Equifax has also been tweeting out the spoof page at securityequifax2017.com.

Although Equifax’s Twitter account used the proper URL most of the time, the mock page was sent out in tweets from the account at least seven times. Those tweets have since been deleted, but one from Monday was still up at about 11 a.m. PT Wednesday.

Equifax didn’t respond to a request for comment.

The mock page looks exactly like Equifax’s support page, but with a few significant details changed. At the top of the fake page, Nick Sweeting, the site’s creator, asked, “Why did Equifax use a domain that’s so easily impersonated by phishing sites?”

Sweeting bought and registered the spoof domain name the same day Equifax announced the breach. In the 11 days since then, he said he’s received more than 100,000 hits on his fake URL.

The software engineer said it only took 20 minutes to build an exact copy of Equifax’s website. It cost him $15 for domain hosting and server maintenance. Sweeting said he did it to teach Equifax a lesson about its vulnerable URL and how easy it was to spoof.